What is there to know about a person? Certainly, their name, but how about their affiliations, philosophical beliefs, or sexual orientation? The nuanced information about a person—including those elements listed above and more—falls into a data category called “personal information” or “personally identifying information” (PII).

Published in 2023, the OWASP Top 10 for LLM Applications is a monumental effort made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. OWASP contributors came up with over 40 distinct threats and then voted and refined their list down to the ten most important vulnerabilities.

User rights permissions regulate access to computer and domain resources, with the ability to override permissions set on specific objects. Managed in Group Policy, each user right has a constant name as well as a Group Policy name associated with it. The constant names are used when referring to the user right in log events. In this section, they’re referred to as user rights, but they’re commonly known as privileges.

Our healthcare client faced a security threat through PDF generation on their platform. We discovered a flaw that allowed harmful code to be included in PDFs, enabling us to access internal server files and services as well as obtaining AWS credentials. Taking proactive steps is vital to protect healthcare systems from such vulnerabilities.

10.93 million dollars USD. That’s the average cost of a healthcare breach in the U.S. It’s an alarming number that’s only continued to climb, increasing by over 53% in the past three years, according to IBM’s 2023 Cost of a Data Breach Report. In fact, the healthcare industry has had the highest average cost of a breach for 13 years running. It’s not just the costs that are climbing, either.

Identity Management Day occurs on the second Tuesday of April, April 9 this year. It was established by the Identity Defined Security Alliance in 2021 in collaboration with the National Cybersecurity Alliance. Its primary aim is to heighten awareness about the risks associated with the lax or incorrect handling of digital identities. Effective identity management practices help prevent identity theft, fraud, and data breaches, which can have devastating consequences for both individuals and organizations.

Now more than ever, the specter of cyber threats looms large over organizations of all sizes and sectors. The consequences of a data breach stemming from just one vulnerability can be catastrophic, ranging from financial losses to irreparable reputational damage. As businesses strive to reinforce their defenses against these evolving threats, the need for a reliable and predictive cybersecurity risk assessment tool has never been greater.

A new PhaaS service brings the power of bypassing multi-factor authentication (MFA) to the world’s most-used email platforms. At its core, Tycoon 2FA isn’t doing anything new. It uses a reverse proxy server to host a phishing web page that impersonates the legitimate email platform in question. Then it intercepts the victim's input and relays them to the legitimate service. But it’s how this platform does it that is sophisticated.